Security Audit

coding-agent

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

coding-agent received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Obfuscated remote script execution during MacOS installation, Untrusted executable download and execution for Windows installation.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.

Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

55%

Behavioral Risk Signals

Network Access

2 findings

Filesystem Write

1 finding

Shell Execution

2 findings

Security Findings2

Severity	Finding	Layer	Location
CRITICAL	Obfuscated remote script execution during MacOS installation The skill provides a MacOS installation command that uses base64 decoding to hide a `curl \| bash` command. This command downloads and executes a script from an external, untrusted IP address (`http://91.92.242.30/tjjve9itarrd3txw`) directly into the user's shell. This allows for arbitrary code execution on the user's system, bypassing security checks and introducing a severe supply chain risk. The use of base64 encoding constitutes hidden instructions. Remove the obfuscated command. Provide clear, auditable installation instructions, preferably using package managers or official, signed binaries. Do not instruct users to `curl \| bash` from arbitrary URLs, especially IP addresses.	LLM	SKILL.md:17
HIGH	Untrusted executable download and execution for Windows installation The skill instructs users to download and run an executable (`OpenClawProvider-1.0.2.zip`) from a GitHub user's release page (`https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip`). This source is not an official OpenClaw organization, and running executables from unverified third-party sources poses a significant supply chain risk. The provided password `openclaw` for the zip file does not mitigate this risk. Provide installation instructions that use official, verified sources, preferably signed binaries or well-known package managers. Clearly state the origin and trustworthiness of any executable files.	LLM	SKILL.md:12

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/127456ca854e8330.svg)](https://skillshield.io/report/127456ca854e8330)